News Next article

Scam safety: Our top tips for avoiding phishing scams

With phishing scams on the rise, knowing how to avoid them is more important than ever. We'll show you how.

By Trust and Safety 9 October 2023

Don't give a hacker the chance to steal your information.

If you receive communication from a company asking you to do something, like login, make a payment or confirm your credit card details, it's important to be sure it's actually them. Just like in the real world, there are criminals online trying to make a dishonest buck.

Remember: when it comes to scams, anyone can be a victim – and it's never the victim's fault.

What is a phishing scam?

A phishing scam is where a criminal pretends to be a trusted business or organisation, trying to trick you into handing over your personal information. Over the years, we've seen these scams become more and more convincing – making them harder for people to spot. Sometimes they can be pretty convincing.

How it usually works:

  • You'll get an email, text, or phone call. It looks like it's from a trusted brand or organisation, like Trade Me or your bank. They may also pose as a buyer or seller from Trade Me.
  • They say something like: "Your account has been hacked, please log in to secure it" or "An unauthorised transaction has been made".
  • They'll ask you to do something, like log in or provide payment information.
  • They've stolen your personal data.

Remember: All emails from Trade Me end in '' – and we'll never, ever ask for your password via email.

Signs that an email, text or call isn't legit

  • You don't recognise the email address or phone number.
  • They're asking you to do something urgently.
  • They claim or imply that something bad will happen if you don't do what they ask.
  • They've asked for your personal information, like login details or your credit card.
  • They haven't addressed you by your first name. If you have an account with them, they'll know your name.
  • There is incorrect spelling or poor grammar.
  • You don't have an account with the organisation.

If the email is about something you've bought or sold on Trade Me, check the sender's email against the buyer's or seller's email address in your Won items or Sold items.

What should I do?

  • Be cautious of unexpected or strange-looking emails, texts or calls.
  • Who sent it?
    Make sure the end of the sender's email address matches their actual website address. For example, an email from IRD should end in ''
  • Don't click any links.
    If you've clicked a link, run a full virus check on your device right away – before doing anything else.
  • If you've entered your credit card details
    Contact your bank to cancel your card. They'll also help make sure your account is secure.
  • Delete the email and block the sender. Don't reply or engage with them.
  • Contact the organisation directly.
    Don't click any links. Leave the email or text and go to their website to contact them – so you know you're dealing with the right people.
  • Get a second opinion from a trusted friend or family member.

If the sender is pretending to be Trade Me, forward the email to our Fraud team, or email us a screenshot of it along with the sender's email address to They're also available on live chat Monday to Friday.

Think you've come across a scam?

Report it to Netsafe.

Learn more

I think I've been a victim – what can I do?

If you've fallen victim – it's not your fault. These scammers are getting more sophisticated every day and are really good at fooling everyday people.

Never feel ashamed to ask for help if you need it.

Want to learn more?
Check out our Scams articles to help keep yourself safe online.
Learn more


Trust and Safety
Trust and Safety